This series fixes a lockdep "possible recursive locking" splat in
amdgpu_devcoredump_format() that fires on every GPU timeout once a job
with a PASID context is involved. With amdgpu.gpu_recovery=0 the timeout
handler refires every ~2 s, so the splat repeats until it drowns the
kernel ring buffer. It is also a real self-deadlock for IB BOs that
share their dma_resv with the root PD (the always-valid case).
The root cause: amdgpu_devcoredump_format() holds the VM root PD's
reservation and then reserves each IB BO on top of it, nesting two
reservation_ww_class_mutex acquires without a ww_acquire_ctx.
v1 fixed this with a snapshot helper that collected BO references under
the root reservation and reserved them one by one afterwards. Christian
pointed out that drm_exec already solves exactly this — lock everything
in one ww ticket — and suggested teaching amdgpu_vm_lock_by_pasid()
to take a drm_exec context. This v3 follows that approach.
Because amdgpu_vm_lock_by_pasid() has a second caller in the page-fault
path, the series is split so each patch builds and works on its own:
1/2 Convert amdgpu_vm_lock_by_pasid() to take a drm_exec context and
lock the root PD via amdgpu_vm_lock_pd(). Updates the existing
caller, amdgpu_vm_handle_fault(). Pure refactor, no functional
change to the page-fault path.
2/2 Use the new signature in amdgpu_devcoredump_format(): lock the
root PD and every IB BO together in one drm_exec ticket. The
per-IB amdgpu_bo_reserve() nesting is gone, along with a BO
refcount leak on the old reserve-failure path. This is the
actual bug fix and carries the Fixes: tag.
Tested on Linux 7.1-rc4 + this series, Radeon RX 7900 XTX (gfx1100),
KASAN + PROVE_LOCKING enabled, using a small libdrm_amdgpu reproducer
that submits a GFX IB chained at GPU VA 0 and waits for the hang. Before
the series the splat fires on every TDR; after it the dmesg is clean
across repeated timeouts and the devcoredump output is unchanged.
v1:
https://lore.kernel.org/amd-gfx/[email protected]/
v2:
https://lore.kernel.org/amd-gfx/[email protected]/
Changes since v2:
- Reworked along the lines Christian suggested: instead of a private
snapshot helper and a separate drm_exec pass, amdgpu_vm_lock_by_pasid()
now takes a drm_exec context directly (patch 1), and the devcoredump
code locks the root PD and all IB BOs in a single ticket (patch 2).
- Dropped the amdgpu_devcoredump_ib_ref struct and the three
collect/lock/release helpers from v2 entirely.
Changes since v1:
- Switched from per-IB amdgpu_bo_reserve() to drm_exec.
- Dropped the Cc: stable tag: the regression only landed in 7.1-rc1, so
the fix reaches 7.1 via drm-fixes without a stable backport.
Mikhail Gavrilov (2):
drm/amdgpu: convert amdgpu_vm_lock_by_pasid() to drm_exec
drm/amdgpu: fix recursive ww_mutex acquire in
amdgpu_devcoredump_format
.../gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c | 103 ++++++++++++------
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++++----
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 3 +-
3 files changed, 122 insertions(+), 56 deletions(-)
--
2.54.0
